CVE-2025-9591 – ZrLog Cross-Site Scripting Vulnerability in Theme Configuration Form

August 28, 2025

CVE ID : CVE-2025-9591

Published : Aug. 28, 2025, 10:15 p.m. | 3 hours, 47 minutes ago

Description : A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-9592 – iSourcecode Apartment Management System SQL Injection Vulnerability

Next Article CVE-2025-9590 – Weaver E-Mobile Mobile Management Platform Cross-Site Scripting Vulnerability

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Best React.js Development Services in 2025: Features, Benefits & What to Look For

Report: Samsung’s tri-fold phone, XR headset, and AI smart glasses to be revealed at Sep 29 Unpacked event

Are smart glasses with built-in hearing aids viable? My verdict after months of testing

These 7 smart plug hacks that saved me time, money, and energy (and how I set them up)

Amazon will sell you the iPhone 16 Pro for $250 off right now – how the deal works

Fake News Detection using Python Machine Learning (ML)

Fake News Detection using Python Machine Learning (ML)

Common FP – A New JS Utility Lib

Call for Speakers – JS Conf Armenia 2025

Chrome on Windows 11 FINALLY Gets Touch Drag and Drop, Matching Native Apps

Chrome on Windows 11 FINALLY Gets Touch Drag and Drop, Matching Native Apps

Fox Sports not Working: 7 Quick Fixes to Stream Again

Capital One Zelle not Working: 7 Fast Fixes

CVE-2025-9591 – ZrLog Cross-Site Scripting Vulnerability in Theme Configuration Form

CVE-2024-32832 – Hamid Alinia Login with Phone Number Missing Authorization

CVE-2025-31100 – Mojoomla School Management Unrestricted File Upload Vulnerability

CVE-2024-13974 – A business logic vulnerability in the Up2Date comp

CVE-2024-46546 – NEXTU FLETA AX1500 WIFI6 Router Stack Overflow Denial of Service

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

The Laravel Way to Build AI Agents That Actually Work

CVE-2025-47688 – Saad Iqbal Advanced File Manager Missing Authorization Vulnerability

CVE-2024-24915 – Check Point SmartConsole Unsecured Credentials

Interpreting and Improving Optimal Control Problems With Directional Corrections

CVE-2025-43857 – Net::IMAP Denial of Service Memory Exhaustion Vulnerability

CVE-2025-9591 – ZrLog Cross-Site Scripting Vulnerability in Theme Configuration Form

Related Posts